Christopher S. Crook

The Federal Trade Commission held a workshop earlier this week in Washington, D.C., to discuss possible updates to the COPPA Rule, which implements the Children’s Online Privacy Protection Act (“COPPA”). COPPA was originally enacted in 1998 and regulates the way entities collect data and personal information online from children under the age of 13. The Rule hasn’t been updated since 2013, and the intervening years have produced seismic technological advances and changes in business practices, including changes to platforms and apps hosting third-party content and marketing targeting kids, the growth of smart technology and the “Internet of Things,” educational technology, and more.

For the most part, FTC staff moderators didn’t tip their hand as to what we can expect to see in a proposed Rule revision. (One staff member was the exception, whose rapid-fire questions offered numerous counterpoints to industry positions, so much so that the audience would be forgiven for thinking they were momentarily watching oral argument at the Supreme Court.) Brief remarks from Commissioners Wilson and Phillips staked out their positions more clearly, but their individual views were so different that they too offered little assistance in predicting what a revised Rule may look like. Commissioner Wilson opened the workshop by sharing her own experience as a parent trying to navigate and supervise the games, apps and toys played by her children, and emphasized the need for regulation to keep up with the pace of technology to continue protecting children online. Commissioner Phillips also referred to his children at one point, but his remarks warned against regulation for regulation’s sake, flagged the chilling effect on content creation and diversity when businesses are saddled with greater compliance costs, and advocated a risk-based approach.

Many in the industry are familiar with the following scenario. A young gamer, grinding tirelessly for untold hours perfecting her skill, honing her strategy, finally qualifies for an esports tournament. For that gamer, the true hard work begins after qualification. She now has to try to convince her parents to agree to let her participate, which may include travel (though compensated) to a far off location. In many cases, the first time the parents become aware that their child even entered a tournament (much less won an all-expense paid trip to an esports tournament) is this conversation—after the child has already been offered compensation to travel to and compete in the tournament.

If you are a game publisher, tournament organizer, or otherwise involved in the logistical chain of events described herein, there may be a big problem. The collection and use of data provided by children is regulated in the United States by the Children’s Online Privacy Protection Act (“COPPA”). COPPA is designed to protect the privacy of children by establishing certain requirements for websites that market to children. Most notably, COPPA requires website operators to obtain “verifiable parental consent” before collecting personal information from children. The FTC operates under the assumption that if children are the target demographic for a website, the website must assume that the person accessing the website is a child, and proper consent must be obtained. This assumption exists even if the website did not start with children as the target audience.